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We define a type system with intersection types for an extension of lambda-calculus with unbind and 
rebind operators. In this calculus, a term t with free variables x\, . . . ,x n , representing open code, can 
be packed into an unbound term ( x\ , . . . ,x„ | t ), and passed around as a value. In order to execute 
inside code, an unbound term should be explicitly rebound at the point where it is used. Unbinding 
and rebinding are hierarchical, that is, the term t can contain arbitrarily nested unbound terms, whose 
inside code can only be executed after a sequence of rebinds has been applied. Correspondingly, 
types are decorated with levels, and a term has type x k if it needs k rebinds in order to reduce to 
a value of type T. With intersection types we model the fact that a term can be used differently in 
contexts providing different numbers of unbinds. In particular, top-level terms, that is, terms not 
requiring unbinds to reduce to values, should have a value type, that is, an intersection type where 
at least one element has level 0. With the proposed intersection type system we get soundness under 
the call-by-value strategy, an issue which was not resolved by previous type systems. 



Introduction 

In previous work Ifl2l [131 we introduced an extension of lambda-calculus with unbind and rebind opera- 
tors, providing a simple unifying foundation for dynamic scoping, rebinding and delegation mechanisms. 
This extension relies on the following ideas: 

• A term ( Y \ t ), where T is a set of typed variables called unbinders, is a value, of a special type 
code, representing "open code" which may contain free variables in the domain of T. 

• To be used, open code should be rebound through the operator t[r], where r is a (typed) substitution 
(a map from typed variables to terms). Variables in the domain of r are called rebinders. When 
the rebind operator is applied to a term ( T 1 1 ), a dynamic check is performed: if all unbinders are 
rebound with values of the required types, then the substitution is performed, otherwise a dynamic 
error is raised. 

For instance, the termQ (x,y \ x + y )[x i->- l,y 2] reduces to 1 + 2, whereas both ( x,y \ x+y ) [x i-» 1] 
and ( .rint | x + 1 ) [x:int — > int i-> Xy.y + 1] reduce to error. 

Unbinding and rebinding are hierarchical, that is, the term t can contain arbitrarily nested unbound 
terms, whose inside code can only be executed after a sequence of rebinds has been applied^]. For 
instance, two rebinds must be applied to the term (x|x+(x|x))in order to get an integer: 
(x | x+ {x I x) }[x (->• l][x h->-2] — > (1 + {x | jc))[xi->-2] 

— > {l[x^2}) + ((x\x)[x^2}) 
— >* 1+2 

*This work has been partially supported by MIUR DISCO - Distribution, Interaction, Specification, Composition for Object 
Systems, and IPODS - Interacting Processes in Open-ended Distributed Systems. 

1 In the examples we omit type annotations when they are irrelevant. 

2 See the Conclusion for more comments on this choice. 
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Correspondingly, types are decorated with levels, and a term has type z k if it needs k rebinds in order 
to reduce to a value of type z. With intersection types we model the fact that a term can be used differently 
in contexts which provide a different number k of unbinds. For instance, the term (jc|jc+(jc|je)) above 
has type int 2 A code , since it can be safely used in two ways: either in a context which provides two 
rebinds, as shown above, or as a value of type code, as, e.g., in: 

(Xy.y\x l][x h4 2]) (x \ x+ (x \ x ) ) 

On the other side, the term ( x \ x+ ( x \ x ) ) does not have type int , since by applying only one rebind 
with [x i-> 1] we get the term 1 + ( x \ x ) which is stuck. 

The use of intersection types allows us to get soundness w.r.t. the call-by-value strategy. This issue 
was not resolved by previous type systems lfl2l IT3l where, for this reason, we only considered the call- 
by-name reduction strategy. To see the problem, consider the following example. 

The term 

(Xy.y[x^2)){\ + {x\x)) 

is stuck in the call-by-value strategy, since the argument is not a value, hence should be ill typed, even 
though the argument has type int , which is a correct type for the argument of the function. By using 
intersection types, this can be enforced by requiring arguments of functions to have value types, that is, 
intersections where (at least) one of the conjuncts is a type of level 0. In this way, the above term is ill 
typed. Note that a call-by-name evaluation of the above term gives 

(Xy.y[x^2})(\ + (x\x)) — > (1 + (x \ x ))[x h-> 2] 

— ► (l[x^2]) + ((x\x)[x^2\) 
— 1 + 2. 

Instead, the term (Aj.j[x i-> 2]) ( x | 1 +x ) is well typed, and it reduces as follows in both call-by-value 
and call-by-name strategies: 

(Xy.y[x^2])(x\l+x) — > (x \ l+x)[x^2] 

— > 1+2. 

It is interesting to note that this phenomenon is due to the possibility for operators (in our case for 
+) of acting on arguments which are unbound terms. This design choice is quite natural in view of dis- 
cussing open code, as in MetaML l23l . In pure A -calculus there is no closed term which converges when 
evaluated by the lazy call-by-name strategy and is stuck when evaluated by the call-by-value strategy. 
Instead there are closed terms, like (Xx.Xy.y)((Xz-Zz)(Xz-Zz)), which converge when evaluated by the 
lazy call-by-name strategy and diverge when evaluated by the call-by-value strategy, and open terms, 
like (Xx.Xy.y)z, which converge when evaluated by the lazy call-by-name strategy and are stuck when 
evaluated by the call-by-value strategy!! 

In summary, the contribution of this paper is the following. We define a type system for the calculus 
of Dezani et al. lfl2"l[T3TL where, differently from those papers, we omit types on the lambda-binders in 
order to get the whole expressivity of the intersection type constructor [25]. The type system shows, in 
our opinion, an interesting and novel application of intersection types. Indeed, they handle in a uniform 
way the three following issues. 

• Functions may be applied to arguments of (a finite set of) different types. 

• A term can be used differently in contexts providing different numbers of unbinds. Indeed, an 
intersection type for a term includes a type of form z k if the term needs k rebinds in order to 
reduce to a value of type z. 

3 Note that following Pierce 1 18 1 we consider only A-abstractions as values, while for Plotkin 1 19] also variables are values. 
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• Most notably, the type system guarantees soundness for the calhby-value strategy, by requiring 
that top-level terms, that is, terms which do not require unbinds to reduce to values, should have 
value types. 



Paper Structure. In Section Q] we introduce the syntax and the operational semantics of the language. 
In Section |2] we define the type system and prove its soundness in Section [3] In Section 0] we discuss 
related and further work. 



1 Calculus 

The syntax and reduction rules of the calculus are given in Figured] 



t 

r 

r 

v 
r v 



X | n 1 1\ + 1% | Xx.t 1 1\ t% | ( r 1 1 } | t[r] | error term 

x\ : T\ , . . . , x m : T m type context 

x\ :T\ h- > ti, . . . ,x m '-T m i— > t m (typed) substitution 



Xx.t | ( r 1 1 ) | n 

x\\T\ ^vi,...,x m :T m \-+v m 

[]\g + t\n + S\ £t\vg \ t[r,x:T^ 

X\ I— > Vl , . . . ,X m I—?- v m 



value 

value substitution 

evaluation context 
(untyped) substitution 



/ii+«2 — >n if n = n\ + h% (Sum) 

(Xx.t) v — > t{x i — ^ v} (APP) 
( T 1 1) [r v ] — > t{subst{r v \ dom(Y) } if T C tenv(f 



( r | t ) [r v ] — > error 
n[r v ] — > n 

(t l +t 2 )[r v ]^t l [r v } + t 2 [r v ] 
(Xx.t)[r v ] -^Xx.t[r v ] 
{hh)[r v \ ^ h[r v ]t 2 [r v ] 



if r % tenv(r v 



if t[r] 



error \r 



error 



(RebindUnbindYes) 
(RebindUnbindNo) 
(RebindNum) 
(RebindSum) 
(RebindAbs) 
(RebindApp) 
(RebindRebind) 
(RebindError) 



error 



S[t] g[t'\ 



(Ctx) 



(CtxError) 



error 



Figure 1 : Syntax and reduction rules 



Terms of the calculus are the A-calculus terms, the unbind and rebind constructs, and the dynamic 
error. Moreover, we include integers with addition to show how unbind and rebind behave on primitive 
data types. Unbinders and rebinders are annotated with types T, which will be described in the following 
section. Here it is enough to assume that they include standard int and functional types. Type contexts 
and substitutions are assumed to be maps, that is, order is immaterial and variables cannot appear twice. 
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Free variables and application of a substitution to a term are denned in Figure [2 Note that an 
unbinder behaves like a A -binder: for instance, in a term of shape ( x 1 1 ), the unbinder x introduces a 
local scope, that is, binds free occurrences of x in t. Hence, a substitution for x is not propagated inside 
t. Moreover, a condition, which prevents capture of free variables similar to the A -abstraction case is 
needed. For instance, the term (Av.( x \ y }) (Az.x) reduces to ( x \ y ){y i-> Xz-x} which is stuck, i.e., it 
does not reduce to ( x \ Az.x }, which would be wrong. 

However, A -binders and unbinders behave differently w.r.t. a-equivalence. A A -binder can be re- 
named, as usual, together with all its bound variable occurrences, whereas this is not safe for an unbinder: 
for instance, ( x \ x + 1 ) [x H > 2] is not equivalent to ( y \ y + 1 )[x ^ 2]. Only a global renaming, e.g., 
leading to(y|y + l}[yi->2], would be safe0 



FV(x) = {x} 
FV(n) = 

FV(ti + t 2 )=FV(t l )UFV(t 2 ) 
FV{Xx.t) = FV(t) \ {x} 
FV(t 1 t 2 )=FV(h)UFV(t 1 ) 
FV((T\t))=FV(t)\dom(r) 
FV(t[r}) = FV{t)UFV(subst(r)) 
FV(x l ^t l ,...,x m ^t m ) = [j iel m FV(ti) 

x{a} = v if o(x) = v 
x{a} =xifx$L dom(a) 
n{o} = n 

{ti+t 2 ){o} = t l {o} + t 2 {o} 
{Xx.t){o} = Xx.t{o\{ x }} if x <£FV(<J) 
{t i t 2 ){o} = h{o}t 2 {o} 

( T 1 1 ){a} = (T | t{o Vom(T) } ) if dom(T)c\FV{o) = 

i[x\:Ti h^ti,...,x m :T m t-^t m ]{a} = t{a}[xi:T 1 ^ ti{a}, . . . ,x m :T m h- t m {o}] 

Figure 2: Free variables and application of substitution 



The call-by-value operational semantics is described by the reduction rules and the definition of the 
evaluation contexts S" . We denote by h the integer represented by the constant n, by tenv(r) and subst(r) 
the type context and the untyped substitution, respectively, extracted from a typed substitution r, by dom 
the domain of a map, by Ou Xl ,..., x „} and o\ r xi x \ the substitutions obtained from a by restricting to or 
removing variables in set {jci , . . . ,x n }, respectively. 

Rules for sum and application (of a lambda to a value) are standard. The (Rebind.) rules determine 
what happens when a rebind is applied to a term. There are two rules for the rebinding of an unbound 
term. Rule (RebindUnbindYes) is applied when the unbound variables are all present (and of the required 
types), in which case the associated values are substituted, otherwise rule (RebindUnbindNo) produces a 

4 A more sophisticated solution |5 1 allows local renaming of unbinders by a "precompilation" step annotating variables with 
indexes, which can be a-renamed, but are not taken into account by the rebinding mechanism. Indeed, variable occurrences 
which are unbinders, rebinders, or bound to an unbinder, actually play the role of names rather than standard variables. Note 
that variables in a rebinder, e.g., x in [ih->2], are not bindings, and x is neither a free, nor a bound variable. See the Conclusion 
for more comments on this difference. 
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dynamic error. This is formally expressed by the side condition T C tenv(r). Note that arebind applied to 
a term may be stuck even though the variables are all present and of the right type, when the substitution 
is not defined. This may be caused by the fact that when applied to an unbound term, a substitution 
could cause capture of free variables (see the example earlier in this section). Rebinding a term which 
is a number or error does not affect the term. On sum, abstraction and application, the rebind is simply 
propagated to subterms, and if a rebind is applied to a rebound term, (RebindRebind), the inner rebind is 
applied first. The evaluation order is specified by rule (Ctx) and the definition of contexts, S, that gives 
the calLby- value strategy. Finally rule (CtxError) propagates errors. To make rule selection deterministic, 
rules (Ctx) and (CtxError) are applicable only when S ^ []. As usual — >* is the reflexive and transitive 
closure of — >. 

When a rebind is applied, only variables which were explicitly specified as unbinders are replaced. 
For instance, the term (x\x + y)[xt-> 1, y 2] reduces to 1 + y rather than to 1 + 2. In other words, the 
unbinding/rebinding mechanism is explicitly controlled by the programmer. 

Looking at the rules we can see that there is no rule for the rebinding of a variable. Indeed, it will be 
resolved only when the variable is substituted as effect of a standard application. For instance, the term 
(A;y.;y[x i-» 2]) (x | x+ 1 ) reduces to ( x \ x + 1 )[x \- > 2]. 

Note that in rule (RebindAbs), the binder x of the A -abstraction does not interfere with the rebind, 
even in case x £ dom(r). Indeed, rebind has no effect on the free occurrences of x in the body of the X- 
abstraction. For instance, (Axx + ( x | x ))[x i-» 1] 2, which is a-equivalent to (Xy.y + (x | x ))[x h-> 1] 2, 
reduces in some steps to 2+ 1. On the other hand, both A binders and unbinders prevent a substitution 
for the corresponding variable from being propagated in their scope, for instance: 

(x,y | x + Xx.{x + y) + ( x \ x + y ) )[x 2,y i-)- 3] — > 2 + (Ax.x + 3) + ( x \ x + 3 ) 

A standard (static) binder can also affect code to be dynamically rebound, when it binds free variables 
in a substitution r, as shown by the following example: 

(Xx.Xy.y[x h4 x] +x)l (x | x + 2 ) — > (Xy.y[x i-> 1] + 1) (x | jt + 2 ) 
— > (x\x + 2)[x^l] + l — ► 1+2+1. 

Note that in [x h-> x] the two occurrences of x refer to different variables. Indeed, the second is bound by 
the external lambda whereas the first one is a rebinder. 

2 Type system 

We have three kinds of types: primitive types x, value types V, and term types T; see Figure [3] 

T :: = X k | T\ A T 2 (it 6 N) term type 
V ::= T°|VAr value type 

X '.'.= int | code | T — > T' primitive type 

Figure 3: Types 



Primitive types characterise the shape of values. In our case we have integers (int), functions (T — > 
T'), and code, which is the type of a term ( Y \ t ), that is, (possibly) open code. 

Term types are primitive types decorated with a level k or intersection of types. If a term has type x k , 
then by applying k rebind operators to the term we get a value of primitive type x. We abbreviate a type 
T° by x. Terms have the intersection type T\ A T 2 when they have both types T\ and T 2 . On intersection 
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we have the usual congruence due to idempotence, commutativity, associativity, and distributivity over 
arrow type, defined in the first four clauses of Figure [H 

Value types characterise terms that reduce to values, so they are intersections in which (at least) one 
of the conjuncts must be a primitive type of level 0. For instance, the term ( x : int [ ( y : int | x + y ) ) 
has type code A code 1 A int 2 , since it is code that applying one rebinding produces code that, in turn, 
applying another rebinding produces an integer. The term ( x : int | x + ( y : int | y + 1 ) ) has type 
code A int 2 since it is code that applying one rebinding produces the term n + ( y : int | y + 1 ), for 
some n. Both code A code 1 A int 2 and code A int 2 are value types, whereas int 1 , which is the 
type of term n + ( y : int | y + 1 ) , is not a value type. Indeed, in order to produce an integer value the 
term must be rebound (at least) once. The typing rule for application enforces the restriction that a term 
may be applied only to terms reducing to values, that is the call-by-value strategy. Similar for the terms 
associated with variables in a substitution. 

Let / = {1,. . . ,m}. We write /\ ieI if* and Afei..#» T f' to denote ?f 1 A • • • A T*j». N ote that any type T 
is such that T = f\ iel m if', for some Z\ and k{ (i € l..m). Given a type T = /\ (gl m T ki , with {T)® h we 
denote the type A ie i..m 

T=TAT TiAT 2 = T 2 AT 1 T x A (T 2 A T 3 ) = (Ti A T 2 ) A T 3 

(T T{) k A (T T 2 ) k = (T -> Ti A T 2 ) k (T' -> (T)® h ) k+l = (T' -> (r)®^ 1 ))^ 



Figure 4: Congruence on types 

Figure @] defines congruence on types. In addition to the standard properties of intersection, the 
last clause says that the level of function types can be switched with the one of their results. That is, 
unbinding and lambda-abstraction commute. So rebinding may be applied to lambda-abstractions, since 
reduction rule (RebindAbs) pushes rebinding inside. For instance, the terms ( T | Xx.t ) and Xx.( F \ t ) 
may be used interchangeably. 

int* < int* +1 T Y AT 2 < T { 

T 2 <T\ T[< T' 2 Ti <T[ T 2 < T' 2 



(T x ^T[) k < (T 2 -> T' 2 ) k T\ AT 2 <T[ A T' 2 

Ti <T 2 T 2 < T 3 Ti = T 2 

Ti <T 3 Ti< T 2 



Figure 5: Subtyping on types 

Subtyping, defined in Figure [5l expresses subsumption, that is, if a term has type 7\, then it can be 
used also in a context requiring a type T 2 with Ti <T 2 . For integer types it is justified by the reduction 
rule (RebindNum), since once we obtain an integer value any number of rebindings may be applied]^ 
For intersections, it is intersection elimination. The other rules are the standard extension of subtyping 



'Note that the generalisation of int* < int* +I to T k < T k+l is sound but useless 
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to function and intersection types, transitivity, and the fact that congruent types are in the subtyping 
relation. 

rhf:Ti Fht:T 2 F\-f.T T <T' IYjc) = T 

(T-lNTER) — — (T-SUB) (T-VAR) — 

1 h t .T\ AT 2 1 r t . V I h x :T 

F h h •■ int fc r h t 2 : int* 

(T-NUM) — — ^ (T-SUM) — — - — r (T-ERROR) — 

Fh/i: mt u r h t\ + t 2 : int* T h error : T 

r,x:Thf.r r i- ?i : (v — >• r)° rh? 2 :v 

(T-ABS) TTT^ 77^ ZTTTT (T-APP) 



r h A,x.f : (T -> T'f T^txh-.T 

r,r'hf:r r,P\-t:T 

(T-UNBIND-O) ; ■ ; ft (T-UNBIND) 



r h ( F | t) : code v ' r h ( F 1 1 ) : (T) el 

rhf:(r) el Thr:ok rh? ; :V,- V,<r,- (/Gl..m 

(T-Rebind) — — — : (T-REBINDING) 



T\-t[r]:T F h xi'.Ti (->• fi, ... ,x m :T m (->■ f OT : ok 

Figure 6: Typing rules 



Typing rules are defined in Figure [6l We denote by T, F the concatenation of the two type contexts 
r and F with disjoint domains, which turns out to be a type context (map) as well. 

A number has the value type int°. With rule (t-Sub), however, it can be given the type int k for any 
k. Rule (T-sum) requires that both operands of a sum have the same type, with rule (T-Sub) the term can be 
given as level the biggest level of the operands. Rule (T-error) permits the use of error in any context. 
In rule (t-abs) the initial level of a lambda abstraction is since the term is a value. With rule (T-Sub) we 
may decrease the level of the return type by increasing, by the same amount, the level of the whole arrow 
type. This is useful since, for example, we can derive 

h Xx.x + ( y:int \ y + ( z:int | z ) ) '. (int — > int 1 ) 1 

by first deriving the type (int — > int 2 ) for the term, and then applying (t-Sub). Therefore, we can give 
type to the rebinding of the term, by applying rule (T-rebinding) that requires that the term to be rebound 
has level bigger than 0, and whose resulting type is decreased by one. For example, 

h (Xx.x + (y:int \ y+( z:int | z ) ))[y:int H> 5] : (int ->■ int 1 ) 

which means that the term reduces to a lambda abstraction, i.e., to a value, which applied to an integer 
needs one rebind in order to produce an integer or error. The rule (T-App) assumes that the type of the 
function be a level type. This is not a restriction, since using rule (T-Sub), if the term has any function 
type it is possible to assign it a level type. The type of the argument must be a value type. This 
condition is justified by the example given in the introduction. 

The two rules for unbinds reflect the fact that code is both a value, and as such has type code , 
and also a term that needs one more rebinding than its body in order to produce a value. Taking the 
intersection of the types derived for the same unbind with these two rules we can derive a value type for 
the unbind and use it as argument of an application. For example typing ( y : int | y ) by code A int 1 
we can derive type int for the term 
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(Xx.2 + x\y: int i— ¥ 3])( y : int | y }. 

The present type system only takes into account the number of rebindings which are applied to a 
term, whereas no check is performed on the name and the type of the variables to be rebound. This 
check is performed at runtime by rules (RebindUnbindYes) and (RebindUnbindNo). In papers introducing the 
calculus lfT2l [T3l we have also provided an alternative type system (for the call-by-name calculus) such 
that this check is statically perfomed, see the Conclusion for more comments. 

Note that terms which are stuck since application of substitution is undefined, such as the previous 
example (Xy.{ x\y )) (Az.x), are ill typed. Indeed, in the typing rules for unbinding, unbinders are 
required to be disjoint from outer binders, and there is no weakening rule. Hence, a type context for the 
example should simultaneously include a type for x and not include a type for x in order to type Xz-X and 
Xy.{ x | y ), respectively. For the same reason, a peculiarity of the given type system is that weakening 
does not hold, in spite of the fact that no notion of linearity is enforced. 

3 Soundness of the type system 

The type system is safe since types are preserved by reduction and a closed term with value type is 
a value or error or can be reduced. In other words the system has both the subject reduction and the 
progress properties. Note that a term that may not be assigned a value type can be stuck, as for example 
1 + ( x:int | x }, which has type int 1 . 

The proof of subject reduction (Theorem [5) is standard. We start with a lemma (Lemma Q]) on the 
properties of the equivalence and pre-order relation on types, which can be easily shown by induction on 
their definitions. Then we give an Inversion Lemma (Lemma©, a Substitution Lemma (LemmaO and 
a Context Lemma (Lemma [4]). Lemmas [2] and [3] can be easily shown by induction on type derivations. 
The proof of Lemma|4]is by structural induction on contexts. 

Lemma 1 

1. IfA i€ i(Ti -> T'{f = (T -> T')°, then Tj = T for all i € / and /\ iel T\ = T. 

2. Iff\ ieI (Ti -> r/)° < T, then there are L, f h % (I € L), such that T = Ai eL {t, f/) , and for all 
I € L there is J[ C / with 

• T[ < Tjfor all j G //, and 

• A** T'j < T[. 

Lemma 2 (Inversion Lemma) 

1. IfThx:T, thenT(x) < T. 

2. IfThn:T, then int < T. 

3. IfT \-ti+t 2 :T, then int < T and F \- t\ : T and T h t 2 : T. 

4. IfTY- Xx.t : T, then there are m, T u T- (i £ l..m) such that T = A,ei..m(^' ~~ ^ ^T)°> andT,x:Ti htiT- 
(i £ l..m). 

5. IfT h t\t 2 : T, then there is V such that T h t\ : ( V ->■ T)° and T h t 2 : V. 

6. IfF\-{r'\t):/\ ieUm ^,then 

• r,r' h t : zf'~ Y for all k t > 0, and 

• %{ = code for all k\ = 0. 
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When m = \ and k\ = Owe also have T, T' h t : T ', for some V . 

7. IfY h t[r] : Aiei.-m ^ ^« F h f : A i£ i.. m tf' +1 anrf T h r : ok. 

8. IfT \- x\.T\ i — y t\) . . , ,x m :T m \— > ? m : ok, ?/jere are V, < Tifor i G l../n swc/j that F h ?, : Vj. 

Proof By induction on typing derivations. We only consider some interesting cases. 

For Point ((U), if the last applied rule is (T-sub), then the result follows by induction from Lemma[Tj2]). 
For the same Point if the last applied rule is (T-inter), then let T h Xx.t : T A T'. By induction hypothesis 
there are m, m' , T\, r„ fj (i G l..m, j € \..m') such that: 

• ^A/ei.. m (7Wf,-)°, 

• r,x:r ; - h ? : Ti (i G l..m), 

• r'^A y . 6l .. m ,(r;^f;)°,and 

• r,x:rj h f : t 'j (j G l..m'). 

Therefore T AT' = A ieUm (Ti -> f,)° A l\ m . M ,{T'j -> ^)°. 

For Point (O if the last applied rule is (t-inter), then let r h t\ ? 2 : T\ A r 2 . By induction hypothesis 
we have r h *i : 7; -> 7; and r h ? 2 : 7, for some V/, / = 1 , 2. We derive r h fi : ( Vi ->■ T\ ) A ( V 2 -> T 2 ) 
and r h ? 2 : V\ A V 2 by rule (t-inter). Since (V\ — > Ti) A (V 2 — ► T 2 ) < ^ A V 2 -> Ti A T 2 , applying rule 
(t-sub) we get r h ti : V\ A V 2 -> T { A T 2 . 

Lemma 3 (Substitution Lemma) IfT,x:T \-f.T 1 , and T\~v :T, then T h t{x (-)• v} : T'. 
Lemma 4 (Context Lemma) Lef r h : T, then 

• T\-f. T' for some T', and 

• if r h r' : T', then F h : r,/or a// 

Theorem 5 (Subject Reduction) 7/T h f.T and t — >t', then T\-t':T. 

Proof By induction on reduction derivations. We only consider some interesting cases. 

If the applied rule is (App), then 

(Xx.t)v — > t{x i — y v} 

From T h (Xx.t)v : T by Lemma |2l case (fS) we have that: there is V such that T h Xx.t : (V —> T)° 
and T h v : V. By Lemma [2l case (01) we have that there are m, Ti, T\ (i £ l..m) such that (V — > T) = 
Aiel m(^i ~~ ^ ^T)°> an d r,x:r,- \- t :T[ (i G l..m). From Lemma[T][T|) we get T, = V for all i G l..m and 
Aiei..m ^ = ^- Then we can derive r,x:V h t : T using rules (T-Sub) and (T-inter). By Lemma[3]we con- 
clude that Tht{x^ v} : T. 

If the applied rule is (RebindUnbindYes), then 

( T' | [r v ] — > K^^K^Ol^ntr)} r' C ^v(r v ) 

Let '"| , rfom (p- ) = JCi 'T\ i — ^ vi , . . . ,x m :T m i-> v m . Since T' C tenv(r v ) we have that V = x\ :T\ , . . . ,x m :T m . 
From r h ( r' | t ) [r v ] : T by LemmaEl case ©, we get T = f\ iel n x\< and T h ( T' | t) : /\ iel n and 
rhr 1 ': ok. From Lemma|2l case (O, we have that r,r' h t : A, e i « Moreover, by Lemma[2l case ©, 
and rule (T-Sub) we have that T h r v : ok implies that T h v ; - : T,- for / G l..m. Applying m times Lemma|3l 
we derive F h f{5wfef(r v )| dom ( r /)} : 7\ 
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In order to show the Progress Theorem (Theorem [9]>, we start as usual with a Canonical Forms 
Lemma (Lemma©. Then we state the standard relation between type contexts and free variables (Lemma 
|7]), and lastly we prove that all closed terms which are rebound terms always reduce (Lemma[8]). 

Lemma 6 (Canonical Forms) 

1. If\~v: int°, then v = n. 

2. Ifh v : code , then v = ( T \ t). 

3. If\- v : (T -> T'f, then v = Xx.t. 
Proof By case analysis on the shape of values. 
Lemma 7 IfFhf.T, then FV(t) C dom{T). 
Proof By induction on type derivations. 

Lemma 8 If t = t'[r v ]for some t' and r v , and FV(t) = 0, then t — > t" for some t". 

Proof Let t = t'[r\] ■ ■ ■ [r v n ] for some t' , r|, . . . , r v n (n > 1), where t' is not a rebind. The proof is by 
mathematical induction on n. 

If n = 1, then one of the reduction rules is applicable to t'[r\]. Note that, if t 1 = ( T 1 1\ ), then rule 
(RebindUnbindYes) is applicable in case T is a subset of the type environment associated with r\, otherwise 
rule (RebindUnbindNo) is applicable. 

Let t = t'[r\\ ■ ■ ■ [r v n+l ]. If FV(t'[r\] ■ ■ ■ [r v n+l \) = 0, then also FV(t'[r\] ■ ■ ■ [r v n ]) = 0. By induction hypothesis 
t'[r\] ■ ■ ■ [rjj] — > t", therefore t'[r\] ■ ■ ■ [r v n+l ] — > t"[ r l + \] wit h rule (RebindRebind). 

Theorem 9 (Progress) If\- t: V, then either t is a value, or t = error, or t — > t' for some t'. 

Proof By induction on the derivation of h t : V with case analysis on the last typing rule used. 

If t is not a value or error, then the last applied rule in the type derivation cannot be (t-num), (T-error), 
(T-abs), (T-unbind-0), or (T-unbind). Moreover the typing environment for the expression is empty, hence 
by Lemma[7]the last applied rule cannot be (T-var). 

If the last applied rule is (T-sub), note that T < V implies that T is a value type, and therefore the 
theorem holds by induction. 

If the last applied rule is (T-app), then t = t\ t%, and taking into account that the resulting type must be 
a value type: 

h 1 1 : V' -» V \-t 2 :V 
P h h : V 

If t\ is not a value or error, then, by induction hypothesis, t\ — > t\. So t\ ti = £[ti] with £ = [] t 2 , and by 
rule (Ctx), t\ t% — > t\ %i. If t\ is error, we can apply rule (ContError) with the same context. It t\ is a value 
v, and t 2 is not a value or error, then, by induction hypothesis, t% — > t' 2 . So t\ t 2 = £[ti] with £ = v [], 
and by rule (Ctx), vt 2 — > vt' 2 . If t 2 is error, we can apply rule (ContError) with the same context. If both 
t\ and t 2 are values, then by Lemma© case ©, t\ = Xx.t' and, therefore, we can apply rule (App). 

If the last applied rule is (t-Sum), then t = t\ + 1% and taking into account that the resulting type must 
be a value type: 

h t\ : int° h t 2 : int° 
h t\ + t 2 : int° 
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If t\ is not a value or error, then, by induction hypothesis, ?i — > t[. So by rule (Crx), with context 
$ = [] + h, we have t\ + t% — > t\ +t%. If t\ is error, we can apply rule (ContError) with the same context. 
If t\ is a value, then, by Lemma[6l case (HJ, t\ =n\. Now, if ti is not a value or error, then, by induction 
hypothesis, tj — > t' 2 . So by rule (Crx), with context $ = n\ + [], we get t\ + tj — > t\ + t' 2 . If t% is error, 
we can apply rule (ContError) with the same context. Finally, if ti is a value, then by Lemma|6l case (Q~|), 
h = n 2- Therefore rule (Sum) is applicable. 

If the last applied rule is (T-rebind), then t = t'[r\. If some term in r is not a value, then by Lemma 
[2H7]) and © tj is typed with a value type, and therefore f; — > t\ by induction, so t reduces using rule 
(Ctx). Otherwise t = t'[r v }. Since h t'[r v ] : V, we have that FV(t'[r v ]) = by Lemma |7] From Lemma [8] 
we get that t'[r v ] — > t" for some t". 

4 Conclusion 

We have defined a type system with intersection types for an extension of lambda-calculus with unbind 
and rebind operators introduced in previous work |[T2l [T3l . Besides the traditional use of intersection 
types for typing (finitely) polymorphic functions, this type system shows two novel applications: 

• An intersection type expresses that a term can be used in contexts which provide a different number 
of unbinds. 

• In particular, an unbound term can be used both as a value of type code and in a context providing 
an unbind. 

This type system could be used for call-by-name with minor modifications. However, the call-by- 
value case is more significant since the condition that the argument of an application must reduce to a 
value can be nicely expressed by the notion of value type. 

Moreover, only the number of rebindings which are applied to a term is taken into account, whereas 
no check is performed on the name and the type of the variables to be rebound; this check is performed 
at runtime. This solution is convenient, e.g., in distributed scenarios where code is not all available at 
compile time, or in combination with delegation mechanisms where, in case of dynamic error due to an 
absent/wrong binding, an alternative action is taken. In papers introducing the calculus lfl2l[T3l we have 
also provided an alternative type system (for the call-by-name calculus) which ensures a stronger form 
of safety, that is, that rebinding always succeeds. The key idea is to decorate types with the names of the 
variables which need to be rebound, as done also by Nanevski and Pfenning ifTTl . In this way run-time 
errors arising from absence (or mismatch) in rebind are prevented by a purely static type system, at the 
price of quite sophisticated types. A similar system could be developed for the present calculus. Also the 
type system of Dezani et al. lTT2l [T3l could be enriched with intersection types to get the stronger safety 
for the call-by-value calculus. 

Intersection types have been originally introduced as a language for describing and capturing 
properties of A -terms, which had escaped all previous typing disciplines. For instance, they were used 
in order to give the first type theoretic characterisation of strongly normalising terms EDI , and later in 
order to capture (persistently) normalising terms (H. 

Very early it was realised that intersection types had also a distinctive semantical flavour. Namely, 
they expressed at a syntactical level the fact that a term belonged to suitable compact open sets in a 
Scott domain [4]. Since then, intersection types have been used as a powerful tool both for the analysis 
and the synthesis of A-models. On the one hand, intersection type disciplines provide finitary inductive 
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definitions of interpretation of A -terms in models [7], and they are suggestive for the shape the domain 
model has to have in order to exhibit specific properties ifTOll . 

More recently, systems with both intersection and union types have been proposed for various aims 
01H, but we do not see any gain in adding union types in the present setting. 

Ever since the accidental discovery of dynamic scoping in McCarthy's Lisp 1.0, there has been 
extensive work in explaining and integrating mechanisms for dynamic and static binding. The classical 
reference for dynamic scoping is Moreau's paper lfl6l . which introduces a A -calculus with two distinct 
kinds of variables: static and dynamic. The semantics can be (equivalently) given either by translation 
in the standard A -calculus or directly. In the translation semantics, A -abstractions have an additional 
parameter corresponding to the application-time context. In the direct semantics, roughly, an application 
(Ax.f)v, where x is a dynamic variable, reduces to a dynamic let diet x = v in t. In this construct, free 
occurrences of x in t are not immediately replaced by v, as in the standard static let, but rather reduction 
of t is started. When, during this reduction, an occurrence of x is found in redex position, it is replaced 
by the value of x in the innermost enclosing diet, so that dynamic scoping is obtained. 

In our calculus, the behaviour of the dynamic let is obtained by the unbind and rebind constructs. 
However, there are at least two important differences. Firstly, the unbind construct allows the program- 
mer to explicitly control the program portions where a variable should be dynamically bound. In particu- 
lar, occurrences of the same variable can be bound either statically or dynamically, whereas Moreau |[T6l 
assumes two distinct sets. Secondly, our rebind behaves in a hierarchical way, whereas, taking Moreau's 
approach [16] where the innermost binding is selected, a new rebind for the same variable would rewrite 
the previous one, as also in work by Dezani et al. [11]. For instance, ( x \ x ) [x i->- 1] [x ^ 2] would reduce 
to 2 rather than to 1 . The advantage of our semantics, at the price of a more complicated type system, is 
again more control. In other words, when the programmers want to use "open code", they must explic- 
itly specify the desired binding, whereas in Moreau's paper |[T6l code containing dynamic variables is 
automatically rebound with the binding which accidentally exists when it is used. This semantics, when 
desired, can be recovered in our calculi by using rebinds of the shape t[xi x\,...,x n h-> x n ], where 
x\,...,x n are all the dynamic variables which occur in t. 

Other calculi for dynamic binding and/or rebinding have been proposed (9j[T5l[5]|. We refer to our 
previous papers introducing the calculus 11121 [T3l for a discussion and comparison. 

As already mentioned, an interesting feature of our calculus is that elements of the same set can 
play the double role of standard variables, which can be a -renamed, and names, which cannot be a- 
renamed (if not globally in a program) (UEl- The crucial difference is that in the case of standard 
variables the matching betweeen parameter and argument is done on a positional basis, as demonstrated 
by the de Bruijn notation, whereas in the case of names it is done on a nominal basis. An analogous 
difference holds between tuples and records, and between positional and name-based parameter passing 
in languages, as recently discussed by Rytz and Odersky [21J. 

Distributed process calculi provide rebinding of names, see for instance the work of Sewell ll22l . 
Moreover, rebinding for distributed calculi has been studied fl], where, however, the problem of inte- 
grating rebinding with standard computation is not addressed, so there is no interaction between static 
and dynamic binding. 

Finally, an important source of inspiration has been multi-stage programming as, e.g., in MetaML 
ll23l . notably for the idea of allowing (open) code as a special value, the hierarchical nature of the 
unbind/rebind mechanism and, correspondingly, of the type system. The type system of Taha and Sheard 
ll23l is more expressive than the present one, since both the turn-style and the types are decorated with 
integers. A deeper comparison will be subject of further work. 
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In order to model different behaviours according to the presence (and type concordance) of variables 
in the rebinding environment, we plan to add a construct for conditional execution of rebind [11]. With 
this construct we could model a variety of object models, paradigms and language features. 

Future investigation will also deal with the general form of binding discussed by Tanter (24|, which 
subsumes both static and dynamic binding and also allows fine-grained bindings which can depend on 
contexts and environments. 

Acknowledgments. We warmly thank the anonymous referees for their useful comments. In partic- 
ular, one referee warned us about the problem of avoiding variable capture when applying substitution 
to an unbound term. We also thank Davide Ancona for pointing out the work by Rytz and Odersky ETTl 
and the analogy among the pairs variable/name, tuple/record, positional/nominal, any misinterpretation 
is, of course, our responsibility. 
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